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Abstract 

We  introduce  a  sequent  system  for  basic  category-theoretic  reasoning 
suitable  for  computer  implementation.  We  illustrate  its  use  by  giving 
a  complete  formal  proof  that  the  functor  categories  Fun[C  x  D,  E]  and 
Fun  [C,  Fun  [D,  E]  ]  are  naturally  isomorphic. 


1  Introduction 

Since  its  invention  in  1945  by  Samuel  Eilenberg  and  Saunders  Mac  Lane  [7], 
category  theory  has  had  a  profound  impact  in  many  areas  of  mathematics  and 
computer  science;  see  for  example  [8,  9,  11,  13,  16]. 

Unfortunately,  many  basic  category-theoretic  facts,  although  easy  to  state, 
can  be  quite  tedious  to  verify  formally.  For  example,  consider  the  well-known 
fact  that  Cat,  the  category  of  (small)  categories,  is  cartesian-closed  [10,  Ex.  1, 
p.  45],  or  more  generally,  that  there  exists  a  natural  isomorphism  of  functor 
categories 


Fun  [C  x  D.  E]  =  Fun  [C,  Fun  [D,  E]  ]  (1) 

[10,  Ex.  2,  p.  45].  This  statement  is  deceptively  concise  in  that  it  contains 
a  large  amount  of  compressed  information.  A  complete  formal  verification  by 
hand  would  be  quite  onerous  due  to  the  enormous  number  of  low-level  details 
that  must  be  checked.  This  task  is  uninteresting,  and  one  would  like  to  automate 
as  much  of  it  as  possible. 

In  print,  authors  often  do  not  bother  to  provide  formal  details  of  the  con¬ 
structions  that  establish  such  basic  facts,  let  alone  proofs  of  correctness.  Those 
arguments  that  are  explicitly  given  are  typically  expressed  in  terms  of  com¬ 
muting  diagrams,  and  verification  amounts  to  visual  arrow  chasing.  This  is 
adequate  for  humans,  but  does  not  lend  itself  well  to  automation.  Eklund  et  al. 
[8]  present  a  graphical  technique  aimed  at  simplifying  the  verification  of  such 


category-theoretic  constructions,  but  again  this  is  meant  for  human  consump¬ 
tion  and  not  for  computers. 

There  have  been  a  few  attempts  at  automating  parts  of  category  theory 
[3,  5,  14,  15].  The  closest  in  spirit  to  the  present  work  is  the  system  of  Caccamo 
and  Winskel  [5],  which  we  denote  here  by  CW.  Their  system  is  a  second-order 
sequent  calculus  in  which  types  denote  categories  and  expressions  denote  func¬ 
tors.  Equational  judgements  are  interpreted  as  natural  isomorphisms  between 
functors.  The  system  can  prove  that  a  certain  expressions  are  functorial  in  their 
free  variables  or  that  two  expressions  are  naturally  isomorphic.  In  addition,  it 
is  able  to  handle  arguments  involving  limits  and  more  general  ends,  thereby 
supporting  algebraic  manipulation  of  universal  constructions.  They  suggest  an 
approach  to  implementation  of  the  calculus  in  the  theorem  prover  Isabelle/HOL 
[12]- 

One  omission  in  the  work  of  Caccamo  and  Winskel  is  machinery  for  reason¬ 
ing  about  the  more  primitive  building  blocks  on  which  the  theory  is  based.  In 
this  paper  we  attempt  to  fill  this  gap.  We  present  a  first-order  sequent  calculus 
in  the  style  of  CW  that  captures  the  basic  properties  of  categories,  functors,  and 
natural  transformations.  As  with  CW,  our  system  is  a  mix  of  typing  judgements 
and  equational  reasoning,  but  unlike  CW,  types  are  sets  of  objects  and  homsets 
of  (small)  categories,  expressions  represent  objects  and  arrows,  and  the  equa¬ 
tions  are  interpreted  as  equality  of  objects  and  arrows,  not  isomorphisms.  We 
have  used  the  system  to  prove  the  natural  isomorphism  (1)  mentioned  above, 
among  other  basic  category-theoretic  facts.  The  system  is  thus  complementary 
to  CW  and  might  coexist  with  it  in  a  supporting  role. 

The  chief  differences  between  the  two  systems  are: 

(i)  Our  system  is  strictly  first-order,  whereas  CW  is  primarily  second-order.  It 
is  noteworthy  that  many  basic  category-theoretic  facts  can  be  established 
without  resorting  to  any  second-order  constructs.  This  is  important  from 
both  a  complexity-theoretic  and  proof-theoretic  standpoint. 

(ii)  CW  contains  no  pure  equality  construct.  Equations  are  interpreted  as  iso¬ 
morphisms.  In  contrast,  our  system  can  reason  about  equality  of  expres¬ 
sions  representing  objects,  arrows,  functors,  and  natural  transformations. 

(iii)  CW  assumes  several  high-level  theorems  such  as  the  Yoneda  embedding  as 
axioms  in  the  form  of  proof  rules,  whereas  our  system  operates  at  a  more 
primitive  level.  It  captures  the  fundamental  definitions  of  functors  and 
natural  transformations  in  a  few  symmetric  first-order  introduction  and 
elimination  rules.  It  is  quite  concise  compared  to  CW,  and  it  is  interesting 
to  see  just  how  far  one  can  go  with  so  little  machinery. 

(iv)  The  implementation  as  envisioned  by  Caccamo  and  Winskel  would  be  in 
the  form  of  a  proof  assistant,  where  an  expert  user  would  direct  the  evo¬ 
lution  of  the  proof.  In  contrast,  after  working  out  several  examples  in  our 
system,  it  is  apparent  that  a  large  part  of  the  reasoning,  if  not  all,  can 
be  fully  automated.  One  observes  that  the  application  of  rules  is  largely 
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syntax-directed  and  deterministic.  Modulo  equational  reasoning,  argu¬ 
ments  tend  to  break  down  into  the  application  of  analysis  (elimination) 
rules  followed  by  the  application  of  synthesis  (introduction)  rules,  sug¬ 
gesting  a  normal  form  for  proofs.  Equational  reasoning  involves  primarily 
substitution  of  equals  for  equals  and  extensionality  rules.  The  extension- 
ality  rules  are  not  the  general  extensionality  (77-)  rules  of  the  typed  lambda 
calculus,  but  rather  rules  of  a  more  limited  first-order  form  (rules  (18)-(21) 
below),  and  their  use  again  tends  to  exhibit  a  discernable  normal  form. 

As  with  CW,  our  system  is  quite  amenable  to  computer  implementation. 

This  might  be  done  in  an  existing  framework  such  as  Isabelle/HOL  [12]  or  NuPrl 

[6],  however  the  higher-order  facilities  of  these  systems  would  not  be  required. 

2  Notational  Conventions 

We  assume  familiarity  with  the  basic  definitions  and  notation  of  category  theory 

[2,  10].  To  simplify  notation,  we  will  adhere  to  the  following  conventions. 

•  Symbols  in  sans-serif,  such  as  C,  always  denote  categories.  The  categories 
Set  and  Cat  are  the  categories  of  sets  and  set  functions  and  of  (small) 
categories  and  functors,  respectively. 

•  If  C  is  a  category,  we  use  the  symbol  C  to  denote  both  the  category  C  and 
the  set  of  objects  of  C. 

•  We  write  A  :  C  to  indicate  that  A  is  an  object  of  C.  Composition  is 
denoted  by  the  symbol  o  and  the  identity  on  object  A  :  C  is  denoted  1^. 
The  use  of  a  symbol  in  sans  serif,  such  as  C,  implicitly  carries  the  type 
assertion  C  :  Cat. 

•  We  write  h  :  C (A,  B)  to  indicate  that  h  is  an  arrow  of  the  category  C  with 
domain  A  and  codomain  B. 

•  Fun  [C,  D]  denotes  the  functor  category  whose  objects  are  functors  from 
C  to  D  and  whose  arrows  are  natural  transformations  on  such  functors. 
This  is  the  same  as  the  category  denoted  Dc  in  [10].  Thus  F  :  Fun  [C,  D] 
indicates  that  F  is  a  functor  from  C  to  D  and  <p  :  Fun  [C,  D]  (F,  G)  indicates 
that  ip  is  a  natural  transformation  with  domain  F  and  codomain  G,  where 
F,G  :  Fun  [C,  D] . 

•  Cop  denotes  the  opposite  category  of  C. 

•  /  :  X  —*  Y  indicates  that  /  :  Set(X,  Y),  that  is,  /  is  a  set  function  from 
set  X  to  set  Y.  We  use  the  symbol  — ■>  only  in  this  context.  Function 
application  is  written  as  juxtaposition  and  associates  to  the  left. 

•  F 1  and  F 2  denote  the  object  and  arrow  components,  respectively,  of  a 
functor  F.  Thus  if  F  :  Fun[C,D],  A,  B  :  C,  and  h  :  C (A,B),  then 
F1A,  F1B  :  D  and  F2h  :  D (F1A1F1B). 


3 


•  Function  application  binds  tighter  than  the  operators  1  and  2.  Thus  the 
expression  FlA2  should  be  parsed  (F1A)2. 

•  C  x  D  denotes  the  product  of  categories  C  and  D.  Its  objects  are  pairs 

(A,X)  :  C  x  D,  where  A  :  C  and  X  :  D.  and  its  arrows  are  pairs  (f,h)  : 

(C  x  D)((A,  X),  (B,  Y)),  where  /  :  C(A,  B)  and  h  :  D (X,Y).  Composition 

and  identities  are  defined  componentwise;  that  is, 

( 9 ,  k)  o  (/,  h)  d=  ( g  of,ko  h)  (2) 

1  (A,X)  =f  (1a,  lx)-  (3) 

•  We  sometimes  omit  the  commas  in  triples,  e.g. 

(CDE)  d=  (C,  D.  E) 

(PQR)  d^f  (PAIR). 

3  Rules 

The  rules  involve  sequents  T  h  a,  where  T  is  a  type  environment  (set  of  type 
judgements  on  atomic  symbols)  and  a  is  either  a  type  judgement  or  an  equation. 
There  is  a  set  of  rules  for  functors  and  a  set  for  natural  transformations,  as  well  as 
some  rules  covering  the  basic  properties  of  categories  and  equational  reasoning. 

The  rules  for  functors  and  natural  transformations  are  the  most  interesting. 
They  are  divided  into  symmetric  sets  of  rules  for  analysis  (elimination)  and 
synthesis  (introduction) . 

Categories 

There  is  a  collection  of  rules  covering  the  basic  properties  of  categories,  which 
are  essentially  the  rules  of  typed  monoids.  These  rules  include  typing  rules  for 
composition  and  identities 

Thd,5,C:C,  rh/:C(A,B),  Thg:C{B,C) 
T\-gof:C(A,C) 

T\-  A:C 
TblA:C {A,  AY 

as  well  as  equational  rules  for  associativity  and  two-sided  identity. 

Functors 

A  functor  F  from  C  to  D  is  determined  by  its  object  and  arrow  components 
F 1  and  F2 .  The  components  must  be  of  the  correct  type  and  must  preserve 
composition  and  identities.  These  properties  are  captured  in  the  following  rules. 


(4) 

(5) 
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Analysis 


T  b  F  :  Fun  [C,  D] ,  TbA:  C 

r  b  F1A  :  D  (  ’ 

T  b  F  :  Fun  [C,  D] ,  ThA,B:C,  T\-f:C(A,B) 

r  b  F2f  :  D (F1A,F1B)  ^  ’ 

T  \-  F  :  Fun  [C,  D] ,  ThA,B,C:  C,  Thf:C(A,B),  Thg:C(B,C) 

T\~  F2(go  f)  =  F2goF2f  (  } 

T  b  F  :  Fun  [C,  D] ,  F  h  A:  C 

r  b  f2ia  =  iFiA  (  } 


Synthesis 

T,  A  :  C  b  F1A  :  D 

r,  A,B  :  C,  g  :  C (A,  B)  b  F2g  :  D(F1A,  F1B) 

T,  A,B,C:  C,  /  :  C(A,  B),  g  :  C(B.  C)  b  F2(g  o  /)  =  F2g  o  F2/ 
r,  A  :  C  b  F21a  =  lFiA 

r  b  F  :  Fun  [C,  D] 


Natural  Transformations 

A  natural  transformation  p  :  Fun  [C,  D]  (F,  G )  is  a  function  that  for  each  object 
A  :  C  gives  an  arrow  pA  :  D(F1A,G1A),  called  the  component  of  p  at  A ,  such 
that  for  all  arrows  g  :  C(A,B),  the  following  diagram  commutes: 

,  „  F2g  , 

F1A - ^  F1B 

pA  pB  (11) 

C2n 

GXA  GXB 

Composition  and  identities  are  defined  by 

(< p  o  ip)  A  =f  pA  o  ip  A  (12) 

1  fA  =  lFiA-  (13) 

The  property  (11),  along  with  the  typing  of  p,  are  captured  in  the  following 
rules. 
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Analysis 


r  h  :  Fun  [C,  D]  (F,  G) 

r  b  F,G  :  Fun  [C,  D] 

rh  Fun[C,D](F,G),  T  h  A  :  C 
r  h  (pA  :  D(F1A,  G1A) 

rh  ip:  Fun[C,D](F,G),  rhA,B:C,  rhj:C(A,B) 
r  h  ipB  o  F2g  =  G2g  o  ipA 


(14) 

(15) 

(16) 


Synthesis 

rhf,G:  Fun  [C,  D] 
r,  A  :  C  h  <pA  :  D (F1A,G1A) 
r,  A1  B  :  C,  g  :  C (A,  B)  h  (pB  o  F2g  =  G2g  o  tpA 
Tb^:  Fun  [C,  D]  (F,  G) 


(17) 


Equational  Reasoning 


The  chief  tool  for  equational  reasoning  is  substitution  of  equals  for  equals.  We 
also  provide  extensionality  rules  for  objects  of  functional  type: 


rhf,G:  Fun  [C,  D] ,  T,A:C\~F1A  =  G1A 
r  b  F1  =  G1 


(18) 


r  b  F,G:  Fun  [C,  D]  ,  r,  A,  B  :  C,  g  :  C(A,  B)  b  F2g  =  G2g 

!  F2-G2  1  ’ 


r  b  F,G  :  Fun  [C,  D] ,  r  b  F1  =  G1,  T  b  F2  =  G2 
I  b  f’  =  G 


(20) 


r  b  F,  G  :  Fun  [C,  D] 

T  :  Fun  [C,  D]  (F,  G) 

r,  A  :  C  b  ipA  =  ip  A 
r  h  ip  =  ip 


(21) 


Certain  equations  on  objects  and  arrows  are  assumed  as  axioms,  including 
the  associativity  of  composition  and  two-sided  identity  rules  for  arrows,  the 
equations  (2)  and  (3)  for  products,  and  the  equations  (12)  and  (13)  for  natural 
transformations. 

We  also  allow  equations  on  types  and  substitution  of  equals  for  equals  in 
type  expressions.  Any  such  equation  a  =  (3  takes  the  form  of  a  rule 


T  b  A  :  a 
r  h  A  :  /3' 

We  postulate  as  axioms  the  type  equations 


(22) 


Cat(C,  D)  =  Fun  [C,  D] 
C  =  Cop 

C(A,B)  =  Cop(B,  A). 
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(23) 

(24) 

(25) 


Other  Rules 

There  are  also  various  rules  for  products,  weakening,  and  other  structural  rules; 
see  [5].  These  are  quite  standard  and  do  not  bear  explicit  mention. 


4  An  Application 

We  illustrate  the  system  by  giving  a  formal  proof  of  the  following  fact. 
Theorem  4.1  ([10,  Ex.  2,  p.  45])  Let  C,  D,  E  be  categories.  Then 
Fun  [C  x  D,  E]  £*  Fun  [C,  Fun  [D.  E]  ] , 

where  =  denotes  isomorphism  of  categories.  The  isomorphism  is  natural  in 

C,  D.  and  E. 

Proof.  The  proof  will  be  broken  into  four  steps: 

1.  the  construction  of  a  functor 

6»(CDE)  :  Fun  [Fun  [C  x  D,  E] ,  Fun  [C,  Fun  [D,  E]  ]  ] ; 


2.  the  construction  of  a  functor 

??(CDE)  :  Fun  [Fun  [C,  Fun  [D,  E]  ] ,  Fun  [C  x  D.  E]  ] ; 


3.  the  demonstration  that  0(CDE)  and  ry(CDE)  are  inverses; 

4.  establishing  naturality. 

In  step  4,  we  show  that  the  functors  6*(CDE)  and  ?7(CDE)  are  natural  in  the 
parameters  C,  D,  E;  that  is,  9  and  77  are  natural  transformations  with  components 
0(CDE)  and  77(CDE).  However,  we  will  not  need  to  make  the  dependence  on 
(CDE)  explicit  until  step  4,  so  to  save  notation,  we  will  write  9  for  0(CDE)  and 
77  for  ?7(CDE)  in  steps  1-3. 


Step  1  For  this  step,  we  will  work  in  the  following  type  environment: 


F,G,H  :  Fun  [C  x  D,  E] 

A,B,C  :  C 
X,Y,Z  :  D 

/  :  C  (A,B) 

9  ■  C  (B,C) 
h  :  D(X,T) 
k  :  D(Y,  Z) 
ip  :  Fun  [C  x  D,  E]  (F,  G) 
v>  :  Fun  [C  x  D,  E]  (G,  H). 
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Under  these  assumptions, 

define 

91F1A1X 

def 

F\A,X) 

:  E 

(26) 

91F1A2h 

def 

F2(lA,h) 

:  E (F\A,X),F\A,Y)) 

(27) 

9lF2  fX 

def 

F2(fAx) 

:  E (F\A,X),F\B,X)) 

(28) 

92tpAX 

def 

<P(A,X): 

E  (F\A,X),G\A,X)). 

(29) 

The  type  judgement  in  (26)  follows  from  (6);  in  (27)  and  (28),  from  (5)  and  (7); 
and  in  (29),  from  (15).  We  must  verify  that  the  definitions  (26)-(29)  define  a 
functor  9  of  the  correct  type. 

It  follows  from  (26)-(29)  that 


91F1A2h 

E  (91F1A1X,91F1A1Y) 

(30) 

91F2  fX 

E  (91F1A1X,91F1B1X) 

(31) 

92ipAX 

E  (91F1A1X,91G1A1X). 

(32) 

Also,  using  (27)  and  the  basic  equational  properties  of  functors  and  composition, 

01F1A\gok)  =  F2(lA,goh)  =  F2(1A,  g)  o  F2(1A,  h) 

=  91F1A2go01F1A2h  (33) 

91F1A21x  =  F2(1A,  lx)  =  F2( 1{A>X)) 

=  1  F1(A,X)  =  1  e1F1A1x-  (34) 

Applying  the  rule  (10)  with  premises  (26),  (30),  (33),  and  (34),  we  have 

61FlA  :  Fun  [D,  E] .  (35) 

Since  A  :  C  was  arbitrary,  the  conclusion  (35)  essentially  says  that  the  object 
component  91F1  of  6lF  is  a  function  of  type  C  — >  Fun  [D,  E] .  We  cannot  express 
this,  since  the  type  constructor  — >  is  not  part  of  the  language.  Nevertheless,  it 
is  enough  to  show  what  we  have  shown  in  order  to  establish  a  premise  in  the 
application  below  of  the  synthesis  rules  (10)  and  (17). 

For  the  arrow  component  91F2  of  81F,  using  (27)  and  (28), 

91F2 fY  o  91F1A2h  =  F2(f,lY)°F2(lA,h)  =  F2(f,h) 

=  F2(lB,h)oF2(f,lx) 

=  91F1B2ho61F2fX.  (36) 

Applying  the  rule  (17)  with  premises  (35),  (31),  and  (36), 

91F2f  :  Fun  [D,  E]  (91F1A1 91F1B).  (37) 

Again,  since  /  :  C (A,  13)  was  arbitrary,  we  have  essentially  shown  that  91F2  is 
a  function  whose  type  in  a  higher-order  system  would  be  expressed 

VA  :  C  .  \/B  :  C  .  C(A,  B)  ->  Fun  [D,  E]  {91F1A1 91F1B), 
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but  our  first-order  language  cannot  express  this. 

By  (28),  (8),  and  (12), 

91F2(gof)X  =  F2(gof,lX)  =  F2(g,  lx)  o  F2(f,  lx) 

=  61F2gX  o  01F2fX  =  {61F2g  o  61F2f)X, 

and  by  (28),  (9),  (26),  and  (13), 

e^ux  =  f2(ia,ix)  =  f2  i(A'X) 

=  1  F1(A,X)  =  1  e1F1A1X  =  1  01F1aX, 

therefore  by  extensionality  (21), 

e1F2(gof)  =  91F2g  o  91F2f,  (38) 

91F21A  =  lgiFiA.  (39) 

Now  applying  the  rule  (10)  with  premises  (35),  (37),  (38),  and  (39), 

9lF  :  Fun [C,  Fun [D, E] ] .  (40) 

Since  F  :  Fun  [C  x  D,  E]  was  arbitrary,  this  will  imply  that  the  object  component 
91  of  9  is  of  the  correct  type. 

For  the  arrow  component  9 2,  by  (29),  (27),  and  (16), 

92(pAY  o  91F1A2h  =  (p(A,  Y)  o  F2(1A,  h) 

=  G2(lA,h)oip(A,X) 

=  91G1A2h.o92<pAX.  (41) 

Using  rule  (17)  with  premises  (35),  (32),  and  (41), 

92<pA  :  Fun  [D,  E]  (91F1A,  91G1A).  (42) 

In  addition,  using  (29),  (28),  and  (16), 

(92(pB  o  91F2 f)X  =  92LpBX  o  91F2 fX  =  ip(B,  X)  o  U2(/,  l.Y) 

=  G2(/,  1x)  o  <p(A, X)  =  91G2fXo92<pAX 
=  ( 91G2f  o92ipA)X .  (43) 

Since  X  :  D  was  arbitrary,  by  (21), 

92vBo91F2f  =  61G2f  o  92g>A.  (44) 

It  follows  from  rule  (17)  with  (40),  (42),  and  (44)  as  premises  that 

92ip  :  Fun  [C,  Fun  [D,  E]  ]  (91F,  91G).  (45) 
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Using  (29),  (26),  and  the  basic  properties  of  natural  transformations  (12) 
and  (13), 


92(ip  o  ip)  AX 
921fAX 


(tjjo  ip)(A,X)  =  ip(A,  X)  o  <p(A,  X) 
92ipAX  o  92pAX  =  (92ip  o  92ip)AX , 
1  f{A,X)  =  1  f1(a:x)  =  1  e1F1A1x 

1  91F1aX  =  lgipAX. 


Since  A  :  C  and  X  :  D  were  arbitrary,  by  two  applications  of  extensionality  (21), 
we  have 


92(ipoip)  =  92ipo92ip  (46) 

921F  =  lgiF-  (47) 

It  follows  from  rule  (10)  with  (40),  (45),  (46),  and  (47)  as  premises  that 

9  :  Fun  [Fun  [C  x  D,  E] ,  Fun  [C,  Fun  [D,  E]  ]  ] . 

This  establishes  that  9  is  a  functor  of  the  correct  type. 


Step  2  For  this  step,  we  will  work  in  the  following  type  environment: 

F,G,H  :  Fun  [C,  Fun  [D,  E]  ] 

A,B,C  :  C 
X,Y,Z  :  D 

/  :  C  (A,B) 

9  ■  C  (B,C) 
h  :  D(X,Y) 
k  :  D  (Y,  Z) 

p  :  Fun  [C,  Fun  [D,  E]  ]  (F,  G) 
ip  :  Fun  [C,  Fun  [D,  E]  ]  (G,  H). 


Under  these  assumptions,  define 


VXF\A,X) 

def 

F1A1X  :  E 

(48) 

rl1F2(f,  h) 

def 

F2fYoF1A2h  =  F1B1h  o  F2 fX 

(49) 

r]2ip(A,X) 

def 

p AX  :  E (F1AlX1GlA1X) 

(50) 

(we  will  argue  that  the 

two 

terms  on  the  right-hand  side  of  (49) 

are  equal 

and  discuss  their  typing  below).  The  type  judgement  in  (48)  follows  from  two 
applications  of  (6);  and  in  (50),  from  two  applications  of  (15).  It  follows  from 
(48)  and  (50)  that 

r?<p(A,X)  :  E  (r11F1(A,X),r]1G1(A,X)).  (51) 
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First  we  show  that  the  types  of  rfF1  and  r^F2  are  correct.  For  g1F1,  since 
A  :  C  and  X  :  D  were  arbitrary,  (48)  will  imply  that  ?;1F1  is  of  the  correct  type. 

For  r71F2,  by  (6),  (7),  and  (48),  we  have 

Fl  A2  h  :  E(r]1F1(A,X),r]1F1(A,Y)) 

F1B2h  :  E  (n1F1(B,X),ri1F1(B,Y)). 

Also,  by  (7),  (15),  and  (48),  we  have 

F2fX  :  E  (V1F\A,X),r11F1(B,X)) 

F2fY  :  E  (r]1F1(A,Y),r]1F1(B,Y)). 

Thus  for  (f,h)  :  (C  x  D)((A,  X),  (B,  Y)), 

F2fYoF1A2h ,  F1B2hoF2fX  :  E {r]1F1(A,X),r]1F1(B,Y)). 

Since  F2f  :  Fun  [D.  E]  (fA,  FlB)  by  (7), 

F2fYoF1A2h  =  F1B2hoF2fX 

by  (16),  therefore  r;1F2(/,  h)  is  well  defined  by  (49),  and 

V1F2(f,h )  :  E  (r11F1(A,X),r]1F1(B,Y)).  (52) 

To  show  that  r^F2  respects  composition  and  identities,  we  reason  equation- 
ally. 

rj1F2(g,k)or11F2(f1h)  =  F1C2k  o  F2 gY  o  F2 fY  o  F1  A2h  by  (49) 

=  F1C2ko(F2goF2f)YoF1A2h  by  (12) 

=  F1C2koF2{go  f)Y  oF1A2h 
=  F1C2koF1C2hoF2(gof)X  by  (16) 

=  F1C2(koh)oF2(gof)X 
=  V1F2(g  o  f,ko  h)  by  (49) 

=  V1F2((g,k)o(f,h))  (53) 


rilF\A,x)  =  ii1F2(lA:lx) 


=  F21aX  o  F1A21x 

by  (49) 

=  If'aX  o  lFiAix 

by  (9) 

=  1 F1A1X  0  1 F1A1X 

by  (13) 

=  1  T]1F1(A,X) 

by  (48). 

(54) 

By  rule  (10)  with  (48),  (52),  (53),  and  (54)  as  premises, 

ry1F  :  Fun  [C  x  D,  E] . 

(55) 

11 


Now  we  wish  to  show  using  (17)  that  rftp  :  Fun[C  x  D,  E]  {rpF,  r/1  G) .  For 
the  typing,  from  (7)  and  (15),  we  have 

F2f  :  Fun  [D,  E]  (F1A,  F1B) 

G2  f  :  Fun  [D,  E]  (G1  A,  G1B) 
c pA  :  Fun[D,E](FllA,G1A) 

<pB  :  Fun  [D,  E]  (F1B1  G1B), 

therefore  by  (16), 

ipB  o  F2 f  =  G2  f  o  if  A  :  Fun  [D.  E]  {F1A,  G1B).  (56) 

Reasoning  equationally  to  establish  the  third  premise  of  (17), 

r Y)  o  r]1F2(f,  h)  =  if  BY  o  F2  }Y  o  F1A2h  by  (49)  and  (50) 

=  ( tpBoF2f)YoF1A2h  by  (12) 

=  G1B2ho(ifBoF2f)X  by  (16) 

=  G1B2h  o  (G2f  o  tpA)X  by  (56) 

=  G1B2h  o  G2fX  o  fAX  by  (12) 

=  7/1G2(/,  h)  o  r]2(f(A,  X)  by  (49)  and  (50). 

This  fact  together  with  (55)  and  (51)  establish  all  the  premises  of  (17),  therefore 

rfip  :  Fun  [C  x  D,  E]  {r^F,  r^G).  (57) 


Finally,  reasoning  equationally,  we  have 


r]2(il>  0  ip)  (A,  X)  =  {ip  0  if) AX 

by  (50) 

=  ipAX  0  if  AX 

by  (12)  twice 

=  ri2ip{A,X)  oV2if{A,X) 

by  (50) 

=  (r)2ipoiff>)(A,X) 

by  (12), 

r/2lF(A,  X)  =  1  fAX 

by  (50) 

=  1 F1A1X 

by  (13)  twice 

=  lr 11F1(A,X) 

by  (48) 

=  1  vif(AX) 

by  (13). 

Since  A  :  C  and  X  :  D  were  arbitrary, 

r/2[tl>oip)  =  ij2 1/;  o  r]2 (f 
r]2lF  =  1, fF- 

By  (10)  using  (55),  (57),  (58),  and  (59)  as  premises, 

:  Fun  [Fun  [C,  Fun  [D,  E]  ] ,  Fun  [C  x  D,  E]  ] . 


(58) 

(59) 


This  establishes  that  77  is  a  functor  of  the  correct  type. 
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Step  3  For  this  step,  we  work  in  the  following  type  environment: 


F,G  :  Fun  [C  x  D,  E] 

H,K  :  Fun [C,  Fun [D,  E]  ] 

A,B  :  C 
X,Y  :  D 
/  :  C  (A,B) 
h  :  D(A,Y) 

<p  :  Fun  [C  x  D,  E]  (F,  G) 
ip  :  Fun  [C,  Fun  [D,  E]  ]  (H,  K). 

To  show  that  9 1  and  771  are  inverses,  by  (26)-(28)  and  (48)-(49), 

r]1  (91  F)1(A,  X)  =  91F1AlX  =  F1(A,X), 
r/1(01F)2(f,h)  =  91F2fY  o  01F1A2h  =  F2(f,h). 

By  extensionality,  r]1(91F)  =  F. 

Also,  by  (26)  and  (48), 

91(r]1H)1A1X  =  771fF1(A,  X)  =  H1A1X , 

and  by  (27),  (49),  (9),  and  (13), 

9\i11H)1A2h  =  rilH2(lA,h)  =  H1A2ho  H21aX 

=  H1A2h  o  lHiAX  =  H1A2holmAix  =  H1A2h. 

Since  X  :  D  and  h  :  D(X,  Y)  were  arbitrary,  91(ij1H)1A  =  FI1  A,  and  since  A  :  C 
was  arbitrary,  91(rj1H)1  =  H1.  In  addition,  using  (28),  (49),  and  (9), 

9\r?H)2fX  =  lx)  =  H2fXoH1A2lx 

=  H2fX  olji^  =  H2fX, 

and  since  X  :  D  and  /  :  C(A,B)  were  arbitrary,  91(ij1H)2  =  if2,  therefore 
91(i11H)  =  H. 

To  show  that  92  and  rj 2  are  inverses,  by  (29)  and  (50), 

92(r)2ip)AX  =  r]2ip{A,X)  =  ip  AX 
ri2(92ip)(A,X)  =  92ipAX  =  ip(A,X). 

Since  A  :  C  and  X  :  D  were  arbitrary,  92(r]2ip)  =  ip  and  rj2(92ip)  =  if. 

Step  4  This  step  turns  out  to  be  the  most  involved  of  the  four  steps.  For  the 
remainder  of  the  proof  we  will  suppress  detail  in  equational  arguments,  concen¬ 
trating  on  the  overall  structure  of  the  proof.  All  of  the  equational  arguments 
are  of  the  same  flavor  as  those  in  steps  1-3  and  are  no  more  difficult. 
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Let  Cat3  abbreviate  Catop  x  Catop  x  Cat. 

Recall  that  the  symbols  9  and  ?y  were  used  as  abbreviations  for  0(CDE)  and 
7/(CDE)  in  steps  1-3  above.  Although  the  constructions  and  proofs  of  steps  1-3 
depended  on  the  parameters  C,  D,  and  E,  they  did  so  in  a  uniform  way,  so  it 
was  not  necessary  to  mention  the  dependence  explicitly.  In  a  sense,  the  very 
fact  that  we  were  able  to  carry  out  steps  1-3  without  reference  to  the  particular 
nature  of  the  categories  C,  D,  and  E  is  an  indication  that  the  construction  was 
natural. 

We  would  like  to  prove  this  formally.  In  this  step,  therefore,  we  will  write 
0(CDE)  and  ??(CDE)  for  what  was  abbreviated  as  9  and  rj,  respectively,  in  steps 
1-3.  The  symbols  9  and  will  now  take  on  their  true  meaning  as  natural 
transformations 


9  :  Fun  [Cat3,  Cat]  (U,  V) 
r]  :  Fun  [Cat3,  Cat]  (V,  U), 

of  which  6*(CDE)  and  rj( CDE)  are  the  components,  for  suitably  defined  functors 
U,V  :  Fun  [Cat3,  Cat] .  We  must  derive  this  typing  of  9  and  rj  to  establish 
naturality. 

For  the  first  part  of  this  step,  we  work  in  the  following  type  environment: 


p 

Fun  [L,  C]  =  Cat(L,  C)  =  Catop(C,  L) 

Q 

Fun  [M,  D]  =  Cat(M,  D)  =  Catop(D,  M) 

R 

Fun  [E,  N]  =  Cat(E,  N) 

I 

Fun  [P,  L]  =  Cat(P,  L)  =  Catop(L,  P) 

J 

Fun  [Q,  M]  =  Cat(Q,  M)  =  Catop(M,Q) 

I< 

Fun  [N,  R]  =  Cat(N,  R) 

f,g,h 

Fun  [C  x  D,  E] 

<P 

Fun  [C  x  D,  E]  (F,  G) 

Fun  [C  x  D,  E]  (G,  H) 

L,  M,  N 

Fun  [C,  Fun  [D.  E]  ] 

a 

Fun [C, Fun [D. E] ] (L,  M) 

T 

Fun  [C,  Fun  [D.  E]  ]  (M,  N) 

A,  B,  C 

L 

X,Y,Z 

M 

f 

L  (A,B) 

9 

L  (B,C) 

h 

M(X,  Y) 

k 

M  (Y,Z). 

First  we  define  U  and  V  and  establish  that  they  are  of  the  correct  type. 
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Define 

U\ CDE)  d=  Fun  [C  x  D,  E]  :  Cat  (60) 

U2{PQR)1F1{A1X)  d=  R1  (F1  (P1  A,  Q1  X))  :  N  (61) 

U2{PQR)1F2{f1h)  d=  R2{F2{P2f,Q2h)) 

:  N (R1(F1(P1A,  Q1X)),R1(F1(P1B,  Q1^))) 

:  N(U2(PQR)1F1(A,X),U2(PQR)1F1(B,Y))  (62) 

U2(PQR)2v{A,X)  ^  R2(ip(P1A,  Q1X)) 

:  N(R1(F1(P1A,  Q1X)),R1(G1(P1A,  Q1X))) 

:  N(U2(PQR)1F1(A,X),U2(PQR)1G1(A,X ))  (63) 

The  typing  of  the  expressions  on  the  right-hand  sides  of  these  equations  fol¬ 
lows  from  the  analysis  rules  for  functors  and  natural  transformations  and  from 
substitution  of  (61). 

By  equational  reasoning  using  (62),  (2)  and  (8)  for  the  first  equation  and 
(61),  (62),  (3),  and  (9)  for  the  second, 

U2(PQR)1F2((g,k)o(f,h )) 

=  U2(PQR)1F2(g1k)oU2(PQR)1F2(f,h)  (64) 

U2(P(5f?)1F2l(J4ix)  =  ^-U2(PQR)1  F1(A,X)  •  (65) 

We  can  conclude  from  (10)  using  (61),  (62),  (64),  and  (65)  as  premises  that 

U2(. PQRfF  :  Fun  [L  x  M,  N]  (66) 

and  similarly 

U2(PQRyG  :  Fun  [L  x  M,  N]  (67) 

From  (16),  we  have 

ip(P1B1  Q1Y)  o  F2(P2  f,  Q2h)  =  G2(P2  f,  Q2h)  o  ip(PlA,  Q1X). 

By  equational  reasoning  using  this,  (62),  and  (63), 

U2(PQR)2p(B,  Y)  o  U2(PQR)1F2(f,  h) 

=  U2(PQR)1G2(f,h)oU2(PQR)2<p(A,X)  (68) 

By  (17)  with  (66),  (67),  (63),  and  (68)  as  premises, 

U2(PQR)2ip  :  FunEL  x  M:m{U2(PQR)1F,U2(PQR)1G).  (69) 

Equational  reasoning  using  (63),  (61),  (12),  and  (13)  yields 

t/2(PQF)2(V’o<^)(A,X)  =  ( U2(PQR)2<poU2{PQR)2<p)(A,X ) 
U2(PQR)21f(A,X)  =  lU2^PQRyF(A,X), 
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and  since  A  :  L  and  X  :  M  were  arbitrary, 


U2{PQR)2{ip  o  ip)  = 

U2{PQR )2^  O  U2{PQR)2<p 

(70) 

U2{PQR)21F  = 

1  U2{PQR)1F- 

(71) 

By  (10)  using  (66),  (69),  (70),  and  (71) 

as  premises, 

U2{PQR )  :  Fun  [Fun  [C 

x  D,  E] ,  Fun  [L  x  M,N]], 

thus  by  (23)  and  (60), 

U2{PQR)  :  Cat(/71(CDE),  /71(LMN)). 

(72) 

The  following  equations  can  be  established  by  purely  equational  reasoning: 

U2{{IJK)  o  { PQR))1F1{A,X ) 

= 

{U2{IJK)  oU2{PQR))1F1{A,X) 

U2{{IJK)  o  {PQR))1F2{f ,  h) 

= 

{U2{IJK)  o  U2{PQR))1F2{f ,  h) 

U2{{IJK)o{PQR))2<p{A,X) 

= 

{U2{IJK)  o  U2{PQR))2<p{A,X) 

U2llCDE)F\A,X) 

= 

lr/1(CDE)^ll(^’  X) 

U2l}CDE)F2{f,h) 

= 

l[/1(CDE)-fl2(/)  h) 

^~1(Cde)<F’(A  X) 

= 

lf/1(CDE)<F(^>^)- 

Since  A ,  X ,  /,  and  h  were  arbitrary,  by  the  extensionality  rules, 

U2{{IJK)  o  ( PQR))lFl 

= 

( U2{IJK)oU2{PQR))1F 1 

U2{{IJK)  o  ( pqr)Yf 2 

= 

( U2{IJK)oU2{PQR))1F 2 

U2{{IJK)  o  ( PQR))2y 

= 

{U2{IJK)  o  U2{PQR))2p 

^l(CDE)^1 

= 

iC/1(CDE)-^ 

^21(cde)^2 

= 

1  1  172 

iC/1(CDE)^ 

^21('cde)<F 

= 

1  2 

iC/1(CDE)V?- 

By  extensionality  (20), 

U2{{IJK)  o  {PQR))lF 

= 

{U2{IJK)oU2{PQR))1F 

U21\cde)F 

= 

^u1(Cde)F, 

and  since  F  and  ip  were  arbitrary, 

U2{{IJK)  o  {PQR))1 

= 

{U2{IJK)oU2{PQR))1 

U2{{IJK)  o  {PQR))2 

= 

{U2{IJK)  o  U2{PQR))2 

^~1(TDE) 

= 

ll 

ir/1(CDE) 

rr2i  2 

U  1(CDE) 

= 

1  2 

i(71(CDE)' 

Again  by  (20), 

U2{{IJK)  o  {PQR)) 

= 

U2{IJK)  o  U2{PQR) 

(73) 

U2  l(CDE) 

= 

Ic/Hcde)- 

(74) 
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By  (10)  using  (60),  (72),  (73),  and  (74)  as  premises, 

U  :  Fun  [Cat3,  Cat] .  (75) 

This  establishes  the  type  of  U. 

The  argument  for  V  is  similar,  using  the  definitions 

V1(CDE)  d=  Fun  [C,  Fun  [D,  E]  ]  :  Cat  (76) 

V2  (PQR)1  L1  A1  X  d=  R1  (L1  (P1  A)1  (Q1  X))  :  N  (77) 

V2(PQR)1L1A2h  d=  R2(L1(P1A)2(Q2h)) 

:  ^(R1  (L1  (P1  A)1  (Q1  X)) ,  R1  (L1  (P1  A)1  (Q1Y))) 

:  H(V2(PQR)1L1A1X,V2(PQR)1L1A1Y)  (78) 

V2(PQR)1L2  fX  =  R2(L2(P2  f)(Q1X)) 

:  N(R1(L1(P1A)1(Q1X)),R1(L1(P1B)1(Q1X))) 

:  N(V2(PQR)1L1A1X,V2(PQR)1L1B1X)  (79) 

V2{PQR)2aAX  d=  R2{a{PlA){Q1X)) 

:  N(R1(L1{P1A)l(Q1X)),R1{Ml(P1A)l(Q1X))) 

:  N(V2(PQR)1L1A1X,  V2 (PQR)1  M1  A1  X) .  (80) 


Again,  the  typing  of  the  expressions  on  the  right-hand  sides  of  these  equations 
follows  from  the  analysis  rules  for  functors  and  natural  transformations. 

By  three  applications  of  (17),  it  follows  from  (77)-(80)  that 

V2(PQR)2ctA  :  Fun  [M,  N]  (V2 (PQR)1  L1  A,  V2(PQR)1M1A) 
V2{PQR)2a  :  Fun  [L,  Fun  [M,  N ^{V2(PQR)1L,V2(PQR)1M)  (81) 
V2(PQR)1L2 f  :  Fun  [M,  N]  (V2(PQR)1L1A,  V2(PQR)1L1B)  (82) 

From  (10),  using  (77),  (78),  and  the  equations 

V2(PQR)1L1A2(k  o  h)  =  V2{PQR)1L1A2k  o  V2(PQR)1L1A2h 
V2  (PQR)1  L1  A2  lx  =  1 V2(PQR)1L1A1X 

as  premises,  we  obtain 

V2(PQR)1L1A  :  Fun  [M,  N] .  (83) 

Again  from  (10),  using  (83),  (82),  and  the  equations 

V2(PQR)1L2(go  f)  =  V2(PQR)1L2goV2(PQR)1L2f 
V2(PQR)1L21A  =  lv2(PQR)1L1A 

as  premises,  we  get 

V2(PQR)1L  :  Fun  [L,  Fun  [M,  N]  ] .  (84) 
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Still  again  from  (10),  using  (84),  (81),  and  the  equations 

V2(PQR)2(Toa)  =  V2(PQR)2toV2(PQR)2o- 

V2(PQR)2Il  =  ^-V2(PQRyL 

as  premises,  we  have 

V2(PQR)  :  Fun  [Fun  [C,  Fun  [D,  E]  ] ,  Fun  [L,  Fun  [M,  N]  ]  ] . 

By  (23)  and  (76), 

V2(PQR)  :  Cat(l/1(CDE),F1(LMN)).  (85) 

One  concludes  from  (76)  and  (85)  and  the  equations 

V2{{IJK)o{PQR))  =  V2(IJK)oV2{PQR ) 

^21(cde)  =  lyqcDE) 

using  (10)  that 

V  :  Fun  [Cat3,  Cat] .  (86) 

This  establishes  the  type  of  V. 

For  the  last  part  of  the  proof,  we  wish  to  show  that  9  and  77  are  natural 
transformations  of  the  correct  type.  We  have  already  shown  in  step  3  that  they 
are  inverses.  For  this  part  of  the  proof,  we  work  in  the  type  environment 

P  :  Fun  [L,  C]  =  Cat(L,  C)  =  Catop(C,  L) 

Q  :  Fun  [M,  D]  =  Cat(M,  D)  =  Catop(D,  M) 

R  :  Fun  [E,  N]  =  Cat(E.  N) 

F,G  :  Fun  [C  x  D.  E] 

<p  :  Fun  [C  x  D.  E]  (F,  G) 

A,B  :  C 
X,Y  :  D 
9  ■  C  (A,B) 
h  :  D(X,Y). 

We  showed  in  step  1  that 

<2(CDE)  :  Fun  [Fun  [C  x  D,  E] ,  Fun  [C,  Fun  [D,  E]  ]  ] . 

It  follows  from  (23),  (60),  and  (76)  that 

6>(CDE)  :  Cat(171(CDE),y1(CDE)),  (87) 


and  similarly 


6>(LMN)  :  Cat(U1(LMN),  V^LMN)). 
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Combining  these  facts  with  (72)  and  (85)  using  (4), 

0(LMI\l)  o  U2(PQR)  :  Cat(t/1(CDE),  V^LMIM)) 
V2(PQR)  o0(CDE)  :  Cat(t/1(CDE),  Vrl(LMN)). 


As  part  of  the  proof  that  0  is  a  natural  transformation,  we  wish  to  show  that 
these  expression  are  equal. 

By  equational  reasoning  using  the  definitions  (26)-(26),  we  can  derive 


(0(LMN)  o  U2(PQR))1F1A1X 
(0(LMN)  o  U2(PQR))1F1A2h 
(0(LMN)  o  U2 (PQR))1  F2 gX 
(0(LMN)  o  U2(PQR))2ifiAX 

Since  h,  g,  X,  and  A  were  arbitrary, 
(0(LMN)  o  ^(PQR))1 
(l 9(LMN)  oU2(PQR ))2 


( V2{PQR )  o  0(CDE))1F1A1A 
(' V2(PQR )  o  0(CDE))1F1A2/i 
(V2(PQR)oO{CDE))1F2gX 
(V2(PQR)  o  0{CDE))2<pAX. 

(V2(PQR)  O0(CDE))1 
(V2(PQR.)  o  0(CDE))2, 

V2(PQR)  O0(CDE).  (88) 


thus  by  (20), 

0(LMN)  o  U2{PQR) 


Now  using  (17)  with  (75),  (86),  (87),  and  (88)  as  premises, 

0  :  Fun  [Cat3,  Cat]  (U,  V). 


This  establishes  that  0  is  a  natural  transformation  of  the  appropriate  type. 
The  proof  that  rj  :  Fun  [Cat3,  Cat]  (V.  U)  is  similar. 


□ 


5  Conclusions  and  Future  Work 


In  addition  to  Theorem  4.1,  we  have  also  developed  a  direct  proof  that  Cat 
is  cartesian  closed.  This  involves  establishing  a  particular  adjunction,  as  illus¬ 
trated  in  the  following  two  diagrams: 

F^1  H  s 

C  X  D - -  Fun  [D,  E]  x  D  — - ►  E 


F1 


F1 

H 

1 

C 


C  x  D 
Fl 

C 


G1 

Fun [D, E]  - A  Fun [D, E] 

K 


C  x  D  ■ 

G1 


G2K 


G1 


Fun  [D,  C  x  D]  - ►  Fun  [D,  E] 
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Like  Theorem  4.1,  the  proof  breaks  into  several  steps: 

1.  the  definition  and  typing  of  the  unit  77  of  the  adjuction, 

2.  the  definition  and  typing  of  the  counit  £  of  the  adjuction, 

3.  the  definition  and  typing  of  the  left  adjoint  F, 

4.  the  definition  and  typing  of  the  right  adjoint  G, 

5.  the  definition  of  a  bijection  between  the  two  homsets  Cat(C  x  D,  E)  and 
Cat(C,  Fun  [D,  E] )  consisting  of  a  pair  of  inverse  maps  H  1— >  e  o  F2H  and 
K  1— >  G2K  o  77,  and  a  proof  that  they  are  inverses. 

The  arguments  are  very  similar  to  those  in  the  proof  of  Theorem  4.1. 

Several  intriguing  problems  present  themselves  for  future  work.  Of  course, 
the  most  interesting  prospect  is  the  automation  of  the  system.  As  one  works 
with  the  system,  it  becomes  quickly  apparent  that,  as  notationally  complex  as 
the  proofs  are,  they  can  for  the  most  part  be  developed  in  a  purely  mechanical 
fashion.  Using  backwards  subgoaling  starting  from  the  desired  conclusion  and 
working  backwards,  the  application  of  rules  is  largely  syntax-directed  and  deter¬ 
ministic.  Except  for  the  equational  arguments,  very  little  thought  is  required; 
most  of  the  work  involves  merely  matching  and  substitution.  The  typing  con¬ 
siderations  alone  dictate  the  overall  structure  of  the  proof,  even  determining 
to  a  large  extent  the  definitions  at  the  beginning  of  each  step  (e.g.  (26)— (29) 
and  (48) — (50)) .  Even  the  equational  proofs  tend  to  exhibit  a  nearly  determin¬ 
istic  structure.  This  indicates  strongly  that  most  of  the  process  can  be  fully 
automated,  and  the  proof  search  can  be  made  quite  efficient. 

We  are  currently  investigating  the  possibility  of  implementing  this  system  in 
the  NuPrl  automated  deduction  system  [6].  NuPrl  not  only  provides  a  general 
formalism  for  encoding  proof  rules,  but  it  also  provides  a  programming  language 
for  specifying  tactics  for  automatic  proof  development. 

Proofs  in  our  system,  as  mentioned,  tend  to  exhibit  a  discernable  structure, 
at  least  for  the  verification  of  type  judgements  and  to  a  lesser  extent  for  the 
equations.  Arguments  tend  to  break  down  into  the  application  of  analysis  rules 
followed  by  the  application  of  synthesis  rules,  suggesting  a  normal  form.  Even 
the  equational  arguments  tend  to  follow  a  certain  structure,  with  the  applica¬ 
tion  of  analysis  rules  followed  by  application  of  the  extensionality  rules.  These 
observations  point  toward  a  normal  form  theorem. 

Another  interesting  question  is  the  computational  complexity  of  the  system. 
As  mentioned,  proofs  tend  to  be  largely  syntax-directed  and  deterministic.  This 
seems  to  indicate  that  the  complexity  of  the  system  is  low. 
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